[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Sat, 07 Aug 2021 01:19:23 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6483fd64 by Salvatore Bonaccorso at 2021-08-07T10:18:53+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2021-38159
 CVE-2021-38158
        RESERVED
 CVE-2021-38157 (** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 
9.x before ...)
-       TODO: check
+       NOT-FOR-US: LeoStream Connection Broker
 CVE-2021-38156
        RESERVED
 CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x 
before 17.0.1 ...)
@@ -28,7 +28,7 @@ CVE-2021-38150
 CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 
2.0.0 a ...)
        NOT-FOR-US: Chikitsa Patient Management System
 CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for 
non-htt ...)
-       TODO: check
+       NOT-FOR-US: Obsidian
 CVE-2021-38147
        RESERVED
 CVE-2021-38146
@@ -1303,35 +1303,35 @@ CVE-2021-37556 (A SQL injection vulnerability in 
reporting export in Centreon be
 CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a 
shell a ...)
        NOT-FOR-US: TX9 Automatic Food Dispenser
 CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see 
boards wit ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG 
was used. ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was 
possible. ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user 
passwords were  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe 
comparisons wer ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in 
workflows was ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext 
sometimes  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks 
during file ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key 
generation mechan ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient 
authentication che ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure 
deseriali ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without 
user con ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the 
password r ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially 
insufficient CSP f ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-37539
        RESERVED
 CVE-2021-3666
@@ -4271,7 +4271,7 @@ CVE-2021-36211
 CVE-2021-36210
        RESERVED
 CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was 
possible du ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2021-36208
        RESERVED
 CVE-2021-36207
@@ -6373,7 +6373,7 @@ CVE-2021-35314
 CVE-2021-35313
        RESERVED
 CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica 
Prodigy v1.7. ...)
-       TODO: check
+       NOT-FOR-US: Amica Prodigy
 CVE-2021-35311
        RESERVED
 CVE-2021-35310
@@ -37734,7 +37734,7 @@ CVE-2021-22297
 CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local 
attackers  ...)
        NOT-FOR-US: HarmonyOS
 CVE-2021-22295 (A component of the HarmonyOS has a permission bypass 
vulnerability. Lo ...)
-       TODO: check
+       NOT-FOR-US: HarmonyOS
 CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass 
vulnerabi ...)
        NOT-FOR-US: HarmonyOS
 CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of 
HTTP reque ...)
@@ -54204,9 +54204,9 @@ CVE-2020-28090
 CVE-2020-28089
        RESERVED
 CVE-2020-28088 (An arbitrary file upload vulnerability in 
/jeecg-boot/sys/common/uploa ...)
-       TODO: check
+       NOT-FOR-US: jeecg-boot CMS
 CVE-2020-28087 (A SQL injection vulnerability in /jeecg 
boot/sys/dict/loadtreedata of  ...)
-       TODO: check
+       NOT-FOR-US: jeecg-boot CMS
 CVE-2020-28086 (pass through 1.7.3 has a possibility of using a password for 
an uninte ...)
        - password-store <unfixed> (unimportant)
        NOTE: 
https://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html
@@ -68199,7 +68199,7 @@ CVE-2020-22332
 CVE-2020-22331
        RESERVED
 CVE-2020-22330 (Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via 
the titl ...)
-       TODO: check
+       NOT-FOR-US: Subrion
 CVE-2020-22329
        RESERVED
 CVE-2020-22328
@@ -70267,17 +70267,17 @@ CVE-2020-21360
 CVE-2020-21359
        RESERVED
 CVE-2020-21358 (A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev 
allows attac ...)
-       TODO: check
+       NOT-FOR-US: Wage-CMS
 CVE-2020-21357 (A stored cross site scripting (XSS) vulnerability in 
/admin.php?mod=us ...)
-       TODO: check
+       NOT-FOR-US: PopojiCMS
 CVE-2020-21356 (An information disclosure vulnerability in upload.php of 
PopojiCMS 1.2 ...)
-       TODO: check
+       NOT-FOR-US: PopojiCMS
 CVE-2020-21355
        RESERVED
 CVE-2020-21354
        RESERVED
 CVE-2020-21353 (A stored cross site scripting (XSS) vulnerability in 
/admin/snippets.p ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS
 CVE-2020-21352
        RESERVED
 CVE-2020-21351
@@ -75682,7 +75682,7 @@ CVE-2020-18696
 CVE-2020-18695
        RESERVED
 CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows 
remote att ...)
-       TODO: check
+       NOT-FOR-US: IgnitedCMS
 CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote 
attacker ...)
        NOT-FOR-US: MineWebCMS
 CVE-2020-18692



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6483fd642e3784406ce26129fdea3b525cd2e2c1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6483fd642e3784406ce26129fdea3b525cd2e2c1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to